Mobile Device Security
Based on materials from Tom Eston (SecureState),
Apple, Android Open Source Project, and William Enck (NCSU)
Organization
• Quick Overview of Mobile Devices
• iOS/Android Threats and Attacks
• iOS/Android Security
Overview of Mobile Devices
• Many connect to cellular networks: billing system
• Cisco: 7 billion mobile devices will have been sold by 2012 [1]
iOS/Android Malware
• iOS malware: very little
• Juniper Networks: Major increase in Android malware from 2010 to 2011 [18]
• Android malware growth keeps increasing ($$$)
iOS Malware
• Malware, “fake apps” have hit iOS too
– iKee, first iPhone virus, “rickrolled” jailbroken iDevices [25]
– Example “fake/similar” apps:
• Temple Run: Temple Climb, Temple Rush, Cave Run
• Angry Birds: Angry Zombie Birds, Shoot Angry Birds
• Not to mention “walkthroughs,” “reference” apps, etc.
• Google Play banned such apps…
– iOS, Android hit with “Find and Call” app
• SMS spammed contacts from central server
• Removed from App Store, Google Play
Android: DroidDream Malware
• Infected 58 apps on Android Market, March 2011
• 260,000 downloads in 4 days
• How it worked:
– Rooted phone via Android Debug Bridge (adb) vulnerability
– Sent premium-rate SMS messages at night ($$$)
• Google removed apps 4 days after release, banned 3 developers from Market
• More malware found since
Android: Fake Angry Birds Space
• Logger stored/forwarded all received SMS messages
– Only needed SEND_SMS, RECEIVE_SMS, READ_SMS permissions
– Can send 100 SMS messages/hour
– One group put SMS logger on Google Play (removed it)
Android: Google Wallet
• Some credit card info stored securely in secure element
– Separate chip, SD card, SIM card
• Unfortunately, other data are not stored as securely
Android: Google Wallet
• NFC alone does not guarantee security
– Radio eavesdropping, data modification possible [22]
– Relay attacks, spoofing possible with libnfc [23]
Android: Sophisticated NFC Hack
• Charlie Miller’s Black Hat 2012 presentation: Nokia, Android phones can be hijacked via NFC [24]
– NFC/Android Beam on by default on Android 2.3+,
iOS System Architecture (1)
– Root of trust: burnt into boot ROM at the factory
– Each component’s signature is verified
– If any signature doesn’t match, the “connect to iTunes” screen is shown
Icons from Double-J Design, IconBlock
iOS System Architecture (2)
• Software updates
– Cannot install older version of iOS on an iDevice; e.g., if device runs iOS 5.1.1, cannot install iOS 4
– Device cryptographically “measures” components, sends to Apple install server with nonce, device ID
• Nonce: value used only once
• Prevents attacker from “replaying” the value
– Server checks measurements; if allowed, server adds device ID to measurements, signs everything
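The update authorization exchange described above, as an added Python sketch (not Apple's code and not part of the original slides). Assumptions: HMAC-SHA256 under a demo key stands in for the install server's signature, the device-side check of nonce and device ID is assumed, and all names and sample values are constructed.

```python
import hashlib, hmac, json, secrets

# Assumption: HMAC-SHA256 under a shared demo key stands in for the install
# server's real signature so the sketch needs only the standard library.
DEMO_KEY = b"constructed-demo-key"

def measure(components):
    """Device: hash ("measure") each component image it wants to install."""
    return {n: hashlib.sha256(img).hexdigest() for n, img in components.items()}

def server_authorize(request, allowed):
    """Server: check measurements against the allowed set, then sign the
    measurements, nonce and device ID together as one ticket."""
    m = request["measurements"]
    if not m or any(allowed.get(n) != d for n, d in m.items()):
        return None                       # e.g. an older iOS build: refused
    body = json.dumps(request, sort_keys=True).encode()
    return {"body": body, "sig": hmac.new(DEMO_KEY, body, hashlib.sha256).hexdigest()}

def device_accepts(ticket, device_id, nonce, measurements):
    """Device: accept only an authentic ticket bound to this device, to the
    nonce of this attempt, and to the images actually being installed."""
    if ticket is None:
        return False
    expect = hmac.new(DEMO_KEY, ticket["body"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expect, ticket["sig"]):
        return False
    signed = json.loads(ticket["body"])
    return (signed["device_id"] == device_id and signed["nonce"] == nonce
            and signed["measurements"] == measurements)

def demo():
    old = measure({"kernel": b"iOS 4 kernel"})        # constructed images
    new = measure({"kernel": b"iOS 5.1.1 kernel"})
    dev = "DEVICE-A"                                   # constructed device ID
    # Earlier, while iOS 4 was still allowed, a valid ticket was recorded.
    n1 = secrets.token_hex(16)
    recorded = server_authorize({"device_id": dev, "nonce": n1, "measurements": old}, old)
    # Now only 5.1.1 is allowed; the device draws a fresh nonce per attempt.
    n2 = secrets.token_hex(16)
    fresh = server_authorize({"device_id": dev, "nonce": n2, "measurements": new}, new)
    return {
        "fresh_ok": device_accepts(fresh, dev, n2, new),
        "downgrade_refused": server_authorize(
            {"device_id": dev, "nonce": n2, "measurements": old}, new) is None,
        "replay_rejected": not device_accepts(recorded, dev, n2, old),
        "other_device_rejected": not device_accepts(fresh, "DEVICE-B", n2, new),
    }
```

The recorded iOS 4 ticket still carries a valid signature; it is rejected only because the nonce it was signed over is not the one the device generated for the current attempt.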
iOS Apps and App Store
• All iOS apps signed by Apple (not developer)
• Third-party apps signed only after:
– Developer ID verification (individual, company)
– Review: bugs, work correctly (program analysis)
• Each app sandboxed in its own directory
– Cannot communicate with other apps
– Apps need signed “entitlements” to access user data
• Further app protection:
– Address Space Layout Randomization (ASLR) for all apps
– ARM eXecute Never (XN) bit set for all memory pages
iOS Data Protection Measures
• Each iDevice has hardware-accelerated crypto operations (AES-256)
• Effaceable Storage: securely removes crypto keys from flash memory
– “Erase all content and settings” wipes user data using Effaceable Storage (locally or remotely)
– Interact with mobile device management (MDM), Exchange ActiveSync servers
– Developers can use APIs for secure file, database storage
• Passcodes
– Admins can require numeric, alphanumeric, etc.
– Wipe device after 10 failed login attempts
iPhone Configuration Utility
Miscellaneous iOS Security
• Built-in support for
• Apps can access contacts without permission (fixed in iOS 6)
Source: [8]
iOS Jailbreaking
• Circumvents Apple’s iOS security mechanisms
– Violates iDevice’s terms of use
– Allows installation of apps from alternative app stores, e.g., Cydia
– Removes app sandbox
– Usually replaces kernel with one accepting non-Apple signatures
– Tools: redsn0w, Absinthe, etc.
• Legal in U.S. under DMCA 2010 exemption
Google Android Platform
– Includes T-Mobile, Sprint Nextel, Google, Intel, Samsung, etc. [29]
– Free, open mobile handset platform for industry [30]
• Flagship: Google Nexus 4
Android Architecture
Android Features and Software
• Features
– 3D: OpenGL ES 1.0
– SQLite: Database engine
– WebKit: Web browser
Android Security (1)
• Android built on Linux kernel, which provides
– User permissions model
– Process isolation
• Each app is assigned unique user/group IDs, run as a separate process ⇒ app sandbox
• System partition mounted read-only
• Android 3.0+ enables filesystem encryption using Linux dm-crypt (AES-128)
• Device admins can require passwords with specific criteria, remote wipe devices, etc.
Android Security (2)
• Android device administration (3.0+):
– Remote wipe
– Require strong password
– Full device encryption
– Disable camera
Android Security (3)
• Other protection mechanisms:
– Android 1.5+: stack buffer, integer overflow protection; double free, chunk consolidation attack prevention
– Android 2.3+: format string protection, NX, null pointer dereference mitigation
– Android 4.0+: ASLR implemented
– Android 4.1+: ASLR strengthened, plug kernel leaks
• Capability-based permissions mechanism:
– Many APIs are not invoked without permission, e.g., camera, GPS, wireless, etc.
– Every app must declare the permissions it needs
– Users need to allow these permissions when installing app
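Because every app must declare its permissions, a reviewer can audit the manifest before install. The following added Python example (not from the original slides) flags apps declaring the three SMS permissions the SMS logger slide lists. It assumes a text-form AndroidManifest.xml (the copy inside an APK is binary XML and must be decoded first); the package names and manifests are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
SMS_TRIO = {"android.permission." + p for p in ("SEND_SMS", "RECEIVE_SMS", "READ_SMS")}

def audit_manifest(manifest_xml):
    """Report the SMS capabilities an app declares in its manifest."""
    root = ET.fromstring(manifest_xml)
    perms = {el.get(ANDROID + "name") for el in root.iter("uses-permission")}
    perms.discard(None)                   # ignore malformed entries
    return {
        "package": root.get("package"),
        "sms_permissions": sorted(perms & SMS_TRIO),
        # SEND_SMS alone is enough to send (possibly premium-rate) messages.
        "can_send_sms": "android.permission.SEND_SMS" in perms,
        # All three together are what the SMS logger on the slide needed.
        "can_log_and_forward_sms": SMS_TRIO <= perms,
    }

def triage(manifests):
    """Return packages whose declared permissions match the logger profile."""
    return [r["package"] for r in map(audit_manifest, manifests)
            if r["can_log_and_forward_sms"]]

def _manifest(package, *permissions):
    """Build a constructed sample manifest (hypothetical helper)."""
    uses = "".join('<uses-permission android:name="android.permission.%s"/>' % p
                   for p in permissions)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="%s">%s<application/></manifest>' % (package, uses))

# Constructed samples: hypothetical package names, not real apps.
FLASHLIGHT = _manifest("com.example.flashlight", "CAMERA")
WALLPAPER = _manifest("com.example.wallpaper", "INTERNET", "SEND_SMS")
FAKE_GAME = _manifest("com.example.fakegame", "INTERNET", "SEND_SMS",
                      "RECEIVE_SMS", "READ_SMS")

if __name__ == "__main__":
    for sample in (FLASHLIGHT, WALLPAPER, FAKE_GAME):
        print(audit_manifest(sample))
    print("matches logger profile:", triage([FLASHLIGHT, WALLPAPER, FAKE_GAME]))
```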
Android Security (4)
• All Android apps need to be signed: by the developer, not Google
• Google Play app store less regulated
– Apps available rapidly after publishing
– Bouncer service scans for malware in store [11]
Google Play permissions interface
Android Device Diversity (1)
• Android runs on various devices
– Different devices run different OS versions
– Device manufacturers often add their own custom UIs, software
– Mobile operators add their own software
– Not all devices are updated to latest Android version!
• Security challenges…
Android devices accessing Google Play, August 2012. Some devices are not always updated to the latest version. These devices tend to have security vulnerabilities targeted by attackers.
Source: [12]
Android Device Diversity (2)
• Notice many Android devices are “orphaned” without major updates [13]
• Android developers need to secure their apps for many different devices…
Android Device Diversity (3)
The OpenSignalMaps Android app sees almost 4,000 types of device clients. Source: [14]
Rooting Android Devices
• Android device owners can often get root access to their devices
– Process can be as simple as unlocking bootloader
– Sometimes, exploit bugs to get root
– Result: install OS of choice, bypass device/operator restrictions
– Legal under 2010 DMCA exemption
• Security problems:
– Voids device warranty (usually)
– Circumvents app sandbox: root can modify any app’s files
– Malware can root and own your device!
References (1)
14 Feb 2012,
http://www.cisco.com/en/US/solutions/collateral/ns341/ns525/ns537/ns705/ns827/white_paper_c11-520862.html
http://www.samsung.com/global/business/semiconductor/product/application/detail?productId=7668&iaId=2341
http://blog.nielsen.com/nielsenwire/online_mobile/two-thirds-of-new-mobile-buyers-now-opting-for-smartphones/
2012,
http://www.insidemobileapps.com/2012/07/24/ios-device-sales-leapfrog-android-with-410-million-devices-sold/
http://www.macworld.co.uk/ipod-itunes/news/index.cfm?newsid=16927
http://developer.apple.com/iphone/program/university.html
http://source.android.com/tech/security/index.html
Presentation organization inspired by T. Eston, “Android vs iOS Security Showdown,” 2012,
12 Android Open Source Project, http://developer.android.com/about/dashboards/index.html
13 M. DeGusta, “Android Orphans: Visualizing a Sad History of Support,” 26 Oct 2011,
of-support
18 Juniper Networks, Inc., “Global Research Shows Mobile Malware Accelerating,” 15 Feb 2012, http://newsroom.juniper.net/press-releases/global-research-shows-mobile-malware-accelerating-nyse-jnpr-0851976
References (4)
30 A. J. Aviv, K. Gibson, E. Mossop, M. Blaze, and A. M. Smith, “Smudge Attacks on Smartphone Touch Screens,” Proc. USENIX WOOT, 2010.
31 X. Ni, Z. Yang, X. Bai, A. C. Champion, and Dong Xuan, “DiffUser: Differentiated User Access Control on Smartphones,” Proc. IEEE Int’l Workshop on Wireless and Sensor Networks Security (WSNS), 2009.
32 W. Enck, P. Gilbert, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth, “TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones,” Proc. USENIX OSDI, 2010, http://appanalysis.org
33 W. Enck, P. Gilbert, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth, “TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones,” http://static.usenix.org/event/osdi10/tech/slides/enck.pdf
34 B. Gu, X. Li, G. Li, A. C. Champion, Z. Chen, F. Qin, and D. Xuan, “D2Taint: Differentiated and Dynamic Information Flow Tracking on Smartphones for Numerous Data Sources,” Technical Report, 2012.